Popular White Paper On This Topic

1.Click Start, and then click Run.
2. In the Open box, type regedit, and then
click OK.
3. Locate, and then click the following registry
key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Se rvices\UsbStor
4. In
the right pane, double-click Start.
5. In the Value data box, type 4, click
Hexadecimal (if it is not already selected), and then click OK.
6. Quit
Registry Editor.

Hi,
this is a problem that plagued me for some time, after trying all sorts of
methods including a script the disallowed access to the usbstor.sys and .inf
files (which was partially sucessful) i ended up going with securewave
www.securewave.com to secure my network from unauthorised flash drives etc..

what is your OS. your problem is hardware detect but device are not show this is Driver problem If win98 Install on your PC so that required Pendrive driver depend on your pendrive olny for win98 not for win2k,xp this is automatic detect driver.if your Problem is solved pl reply me.

the steps below will work perfectly, as i have applied to my network and no one can access the USB.
1.Click Start, and then click Run. 2. In the Open box, type regedit, and then click OK. 3. Locate, and then click the following registry key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\UsbStor 4. In the right pane, double-click Start. 5. In the Value data box, type 4, click Hexadecimal (if it is not already selected), and then click OK. 6. Quit Registry Editor.

the steps below will work perfectly, as i have applied to my network and no
one can access the USB.
1.Click Start, and then click Run. 2. In the Open box, type regedit, and
then click OK. 3. Locate, and then click the following registry key:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Se rvices\UsbStor 4. In the right
pane, double-click Start. 5. In the Value data box, type 4, click
Hexadecimal (if it is not already selected), and then click OK. 6. Quit
Registry Editor.

Also add this

************************

The next thing to do is to change the permissions on the USBSTOR key. You
need to DENY full control to "Everyone" on the group.

One way to do this is to go to each and every node (PC), power it up, go into the bios (setup), and disable the USB functions there, password protect the bios (setup) so the enduser/operator can not access it, save and exit the bios (setup), log on using your admin password, go to the device manager, and disable your USB functions there as well. Now I am assuming that you have already setup your users whereby they can not access device manager or even do as much as right click, etc..... right? I know it's alot of work, but that is one sure fire way to, "Git hur don!"

My experience and I would greatly appreciate other opinions, that what is said here is true and a very easy free process.
However, many employee's need and are allowed to use memory devices in their day to day work. In this case having a product that allows a straight forward solution to allow these USB Sticks and other memory storage devices to be used with administrative managed controls. Allowing only those individual devices that meet the company's qualifications. Blocking unauthorized device not only protecting data loss but stopping accidental virus from a infected device. Even better is to be able to give the Control management outside of overworked IT personnel scope of work. An example would be to allow the office manager to manage their employee's approval. Also if you lock down via the bio's all other non-memory devices will also be disabled. USB Lock RP does this and worth the look.

My advise is not to disable the usb in BIOS. As it will block all usb ports including USB keyboards and mouse, For The below Issue I can suggest to install USBSTOR.INF which will only block MASS STORAGE device and change the registry setting start value to 4. The same this what I am using for past years and protecting my systems and data too..

Hello sir
My advois is first of all disabled all woarkgroup system usb port by Cmos setup
Then after assing the supervisor passwoard in c-mos setup one one every system
I think this information is very relable for you

The problem with that is that you won’t be able to use any usb drives on the PC, and that there is no guarantee that it will stop the intruder as those measures can be reverted easily by replacing usbstor.inf back to its original version. At that point inserting a unknown usb storage device will revert the registry key back to 3 automatically and any usb can be used. (As usbstor.inf in its original version is readily available from internet this is not secure at all)

USB Admin Pro is an application that effectively restricts Removable Media. It not only restricts the media, but will also record log files locally and centrally. It will also send out critical email alerts, notifying you of someone trying to use one. Another advantage is that you can give specific removable drives full access to any computer. For example, if you have a systems support staff, and they have thumb drives with drivers or software on them, you can enable their drives to work in any restricted computer. They won't even have to logoff or enter any passwords to use them on any computer. They would simply insert their disk, and start working.

Anyone else trying to use their own disk will be greeted with an alert informing them that their removable media is not allowed, restricting use of their drive instantly. Restricts jump drives, flash drives, memory cards (with card readers), thumb drives, and pen drives.

Hi,
You can centrally disable usb ports from the domain controller. Note that this is better done in terms of components. Example, do you use only ps2 keyboard and mouse? Are there no printer with usb interface? What about other devices with usb?
Your answer to this question will determine the type of policy you enforce in the domain controller. However, it is only to enforce "mass storage component". This is always done to prevent virus and for security of data.